This disclosure relates generally to network routing protocols, and more particularly to methods and apparatus for providing a unified Internet Protocol version 6 (IPv6) and Internet Protocol version 4 (IPv4) routing service over IPv4-only interfaces, including secure networks in a mobile wireless ad hoc network (MANET) environment.
Known High Assurance Internet Protocol Encryptor (HAIPE) devices that provide communications security (COMSEC) between black networks and red networks provide either IPv4-within-IPv4 or IPv6-within-IPv6 encapsulation for data packets; they do not provide either IPv6-within-IPv4 or IPv4-within-IPv6 encapsulation. As a result, a routing protocol (e.g., open shortest path first version 3 or “OSPFv3”) can not send its IPv6 control packets to peers over the IPv4 black network. Furthermore, if OSPFv3 is configured to run address family extensions for the IPv4 red network, it can not send or receive route control messages over an IPv4-only encryptor tunneling interface.
An Internet engineering task force (IETF) Internet protocol security (IPsec) specified in request for comment (RFC) 4301 allows independent Internet protocol (IP) versions for inner and outer headers that do not require the Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) interface specified in RFC 5214. The Department of Defense (DoD) HAIPE specification is derived from IPsec. The capability of HAIPE devices being deployed vary based on their released date. Early versions of these devices support IPv4-within-IPv4 encapsulation only. Recent HAIPE specifications support IPv6-within-IPv6 encapsulation, however the specifications do not support mixed IP versions for the inner and outer header.
An OSPF extension to the OSPF broadcast interface for mobile ad hoc networks is disclosed in U.S. Pat. No. 6,977,937. This extension uses underlying mobile intranet routing to handle mobility and to provide stable abstraction. However, this reference does not disclose how to run red OSPF over black OSPF. Furthermore, it does not disclose how to run a red IPv6 routing protocol over black IPv4 networks.
A MANET extension of OSPF using connected dominating set (CDS) Flooding has been proposed by IETF. The MANET proposal extends the IPv6 routing protocol OSPFv3 and adds a new MANET interface. The IETF has also proposed address family extensions of OSPFv3 such that OSPFv3 can support IPv4 networks. However, these extensions rely on link local IPv6 addressing to exchange route control messages over dual-use IPv6/IPv4 interfaces. On interfaces that support both IPv4 and IPv6 natively, the proposed OSPFv3 address family extension can function properly with no modifications, i.e., OSPFv3 can send control messages and install both IPv6 and IPv4 routes on the same dual-use IPv6/IPv4 interface. The OSPFv3 address family extension allows an IPv6 routing protocol to install routes for IPv4 data networks. However, the proposed OSPFv3 family extension assumes that each IPv4 interface has an IPv6 link local address (i.e., the interface supports both IPv4 and IPv6 natively) and neighboring OSPFv3 nodes can exchange control packets over the link. This assumption is not valid for IPv4-only interfaces such as the interface provided by an IPv4-only HAIPE encryptor. As a result, OSPFv3 address family extensions cannot run directly over IPv4-only interfaces.
IETF OSPFv3 address family extension enables OSPFv3 to support both IPv4 and IPv6 data networks. A tunneling method is used to allow IPv6 nodes to exchange packets over IPv4 networks. In the case of the red/black architecture, IPsec (RFC 4301) allows IPv6 over IPv4. However, various versions of DoD HAIPE devices do not allow such operation.
DoD HAIPE 1.3.5 supports only IPv4 as both the inner and outer layers. DoD HAIPE 3.1 supports both IPv6-only as inner and outer layers, and IPv4-only as inner and outer layers.
U.S. patent application Ser. No. 20060215657 discloses the use of an ISATAP interface across network address translation (NAT). The patent does not disclose operation over IPv4-only interfaces within the same routing region, and in particular assumes no IP encryptors along the path (i.e., the path is either all black or all red).
OSPFv3 and ISATAP interface implementations are widely deployed in operational networks. In particular, an ISATAP interface is a Non-Broadcast, Multiple Access (NBMA) interface and as such is a standard interface type accepted by OSPFv3. In common practice, ISATAP interfaces are configured over underlying IPv4 MANET interfaces, with the ISATAP interface supporting IPv6 operations only and not IPv4 operations. Therefore, this existing art teaches only the installation via OSPFv3 of IPv6 routes on an ISATAP interface, i.e., it does not teach a method for supporting unified IPv6/IPv4 routing services over IPv4-only interfaces.